Cyber attacks linked to hackers in China

WASHINGTON — Some of the computer codes used in the recent attacks on the networks of Google and dozens of other major U.S. companies were developed by a diverse group of Chinese hackers including security professionals, consultants and temporary contractors, according to an industry source.

The attacks, disclosed Jan. 12 by Google, were routed in part through servers at technical schools in China — a tactic that allows hackers to obfuscate their identity, said the source, who is familiar with the investigation.

The source said that some of the contractors involved in the attack were based at Chinese and American tech companies in China. He and another source said, however, that other servers in China besides those at the schools were also used.

The two schools whose servers were used are Shanghai Jiaotong University and Lanxiang Vocational School, both of which have links to the top ranks of information security specialists in China, said one of the sources, who was not authorized to speak on the record. The connection to the schools was first reported online Thursday night by the New York Times.

The developers of the code, who took advantage of a vulnerability in systems using Internet Explorer 6, include students who hack for prestige, said one source. He added that investigators have narrowed the list of hackers to about six individuals, but declined to identify them.

These code developers did not execute the attack or "nose around" in the networks of Google or other firms, he said, saying they're out in the open with it, passing the code back and forth on open-source hacker forums, in some cases with their hacker handles attached.

The distributed, decentralized nature of the attack explains why it's so difficult to determine who ordered it and why.

Google said last month the aggressors stole "intellectual property," which industry sources said included source code, or the code that underlies Google's popular applications.

Given the nature of the firms attacked — defense contractors including Northrop Grumman; energy companies such as Dow Chemical; and tech firms including Yahoo, Adobe and Symantec; as well as the e-mail accounts of human rights activists — analysts have concluded the attack was part of a concerted espionage effort. The Chinese government denied it was involved.